Installing Knative-Serving to non-default namespace has incorrect kourier bootstrap #2049

Open
arsenetar opened this issue Mar 30, 2025 · 4 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@arsenetar

Describe the bug
When deploying Knative-Serving to a non-default namespace (knative-test) the kourier bootstrap is still generated pointing the gateways to use net-kourier-controller.knative-serving for the xds cluster. This causes the gateways to not come up healthy.

Expected behavior
Kourier is correctly configured to work in the namespace the components are deployed in. (Since the operator deploys kourier gateways in the same namespace as all the other components net-kourier-controller works for the address.)

To Reproduce
Deploy Knative-Serving into a non-default namespace (knative-test) with kourier as ingress.

Knative release version
Seems to impact all versions currently supported by the operator as they configure kourier the same.

Additional context

@arsenetar arsenetar added the kind/bug Categorizes issue or PR as related to a bug. label Mar 30, 2025
@houshengbo
Contributor

@arsenetar You were right. I just found out that the namespace is hardcoded in the yaml of kourier.yaml as

...
          load_assignment:
            cluster_name: xds_cluster
            endpoints:
              lb_endpoints:
                endpoint:
                  address:
                    socket_address:
                      address: "net-kourier-controller.knative-serving"
                      port_value: 18000
...

I am thinking of how to fix it.

@houshengbo
Contributor

@arsenetar

It is not quite intuitive for me to change the yaml and load in the operator to change a field but within the data of a configMap.

I have got one solution right now to resolve it, though it may look ugly. The configuration is from a configmap. To change the configmap, you can edit your cr like this:

It is dumping all configurations of the CM kourier-bootstrap into the KnativeServing CR, after changing the address: "net-kourier-controller.knative-test".

apiVersion: operator.knative.dev/v1beta1
kind: KnativeServing
metadata:
  name: knative-serving
  namespace: knative-test
spec:
  version: "1.17"
  ingress:
    kourier:
      enabled: true
  config:
    network:
      ingress-class: "kourier.ingress.networking.knative.dev"
    kourier-bootstrap:
      envoy-bootstrap.yaml: |
        dynamic_resources:
          ads_config:
            transport_api_version: V3
            api_type: GRPC
            rate_limit_settings: {}
            grpc_services:
            - envoy_grpc: {cluster_name: xds_cluster}
          cds_config:
            resource_api_version: V3
            ads: {}
          lds_config:
            resource_api_version: V3
            ads: {}
        node:
          cluster: kourier-knative
          id: 3scale-kourier-gateway
        static_resources:
          listeners:
            - name: stats_listener
              address:
                socket_address:
                  address: 0.0.0.0
                  port_value: 9000
              filter_chains:
                - filters:
                    - name: envoy.filters.network.http_connection_manager
                      typed_config:
                        "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                        stat_prefix: stats_server
                        http_filters:
                          - name: envoy.filters.http.router
                            typed_config:
                              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
                        route_config:
                          virtual_hosts:
                            - name: admin_interface
                              domains:
                                - "*"
                              routes:
                                - match:
                                    safe_regex:
                                      regex: '/(certs|stats(/prometheus)?|server_info|clusters|listeners|ready)?'
                                    headers:
                                      - name: ':method'
                                        string_match:
                                          exact: GET
                                  route:
                                    cluster: service_stats
                                - match:
                                    safe_regex:
                                      regex: '/drain_listeners'
                                    headers:
                                      - name: ':method'
                                        string_match:
                                          exact: POST
                                  route:
                                    cluster: service_stats
          clusters:
            - name: service_stats
              connect_timeout: 0.250s
              type: static
              load_assignment:
                cluster_name: service_stats
                endpoints:
                  lb_endpoints:
                    endpoint:
                      address:
                        socket_address:
                          address: 127.0.0.1
                          port_value: 9901
            - name: xds_cluster
              # This keepalive is recommended by envoy docs.
              # https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol
              typed_extension_protocol_options:
                envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
                  "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
                  explicit_http_config:
                    http2_protocol_options:
                      connection_keepalive:
                        interval: 30s
                        timeout: 5s
              connect_timeout: 1s
              load_assignment:
                cluster_name: xds_cluster
                endpoints:
                  lb_endpoints:
                    endpoint:
                      address:
                        socket_address:
                          address: "net-kourier-controller.knative-test"
                          port_value: 18000
              type: STRICT_DNS
        admin:
          access_log:
          - name: envoy.access_loggers.stdout
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
          address:
            socket_address:
              address: 127.0.0.1
              port_value: 9901

@arsenetar
Author

I was thinking just adding an additional Transform to https://github.com/knative/operator/blob/main/pkg/reconciler/knativeserving/ingress/kourier.go would be the approach to take to set the value correctly.

@houshengbo
Contributor

houshengbo commented Apr 25, 2025

It was not easy, since this is the data of the whole configmap, not like a specific or single field we can target in other kubernetes objects. Not sure if you have any suggestions.
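
The rewrite discussed in this thread, as an added example that is not the operator's code and not part of any comment above: it edits the `envoy-bootstrap.yaml` string inside the ConfigMap data so the xDS address follows the deployment namespace. `RewriteXDSAddress` is a hypothetical helper; it assumes a line-based rewrite (standard library only, no YAML parsing) and rejects namespaces that are not DNS-1123 labels so the value cannot alter the YAML structure.

```go
package main

import (
	"fmt"
	"regexp"
)

// Key and host as they appear in the thread's kourier-bootstrap ConfigMap.
const bootstrapKey, controllerHost = "envoy-bootstrap.yaml", "net-kourier-controller"

// dns1123Label restricts the namespace to what Kubernetes accepts, so it
// cannot carry quotes or newlines into the YAML text.
var dns1123Label = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$`)

// addressLine matches only an `address:` line whose host is the kourier
// controller, optionally quoted and optionally qualified with one namespace.
var addressLine = regexp.MustCompile(
	`(?m)^([ \t]*address:[ \t]*)("?)` + controllerHost + `(\.[a-z0-9-]+)?("?)[ \t]*$`)

// RewriteXDSAddress (hypothetical) returns a copy of the ConfigMap data with the
// xDS controller address set to <controllerHost>.<ns>, plus the number of lines
// changed. Addresses such as 0.0.0.0 and 127.0.0.1 are left untouched.
func RewriteXDSAddress(data map[string]string, ns string) (map[string]string, int, error) {
	if !dns1123Label.MatchString(ns) {
		return nil, 0, fmt.Errorf("invalid namespace %q", ns)
	}
	boot, ok := data[bootstrapKey]
	if !ok {
		return nil, 0, fmt.Errorf("key %q not found", bootstrapKey)
	}
	n := len(addressLine.FindAllStringIndex(boot, -1))
	if n == 0 { // fail loudly instead of shipping an unchanged bootstrap
		return nil, 0, fmt.Errorf("no %s address in %s", controllerHost, bootstrapKey)
	}
	out := make(map[string]string, len(data))
	for k, v := range data {
		out[k] = v
	}
	out[bootstrapKey] = addressLine.ReplaceAllString(boot, "${1}${2}"+controllerHost+"."+ns+"${4}")
	return out, n, nil
}

func main() {
	// Constructed sample: two address lines in the shape of the thread's YAML.
	data := map[string]string{bootstrapKey: "address: 127.0.0.1\naddress: \"net-kourier-controller.knative-serving\"\n"}
	out, n, err := RewriteXDSAddress(data, "knative-test")
	fmt.Println(n, err)
	fmt.Print(out[bootstrapKey])
}
```

An address already written as a fully qualified name (for example with a `.svc.cluster.local` suffix) does not match the pattern and produces the "no address" error rather than a silent no-op.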
